block p2p help needed

A friend of mine (a student) is sharing his internet connection with some friends (for cost reasons).

He wants to prevent the friends from using BearShare and other P2P.

The main router is a WRT54GS 1.1 with DD-WRT.

The others are connecting to the main router with another router for security reasons.

Main Internet connection - WRT - friends connecting with cheap routers to the main router.

Is it possible with iptables to block this traffic? When I connect a computer directly to the main router, the blocking works. But the friends connected with another router to the WRT can easily use BearShare, for example. My question is why.

DD-WRT comes with netfilter and a default rulebase. It is possible to configure the rulebase through the DD-WRT GUI, but it is primitive. If you need granular control over access, then your friend should use FWbuilder.

FWbuilder is a GUI frontend for netfilter that models itself after Checkpoint's GUI. It simplifies the building of complex netfilter rules.

In your friend's case, he can filter traffic from the downstream router, allowing only certain protocols through and denying all other protocols; that is the most secure setup.
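
The allowlist setup described in the last reply, sketched as an added example (not part of the original posts and not FWbuilder output): a script that prints a default-deny FORWARD policy for the main router. The interface names `br0` and `vlan1`, the chain name `FWD_ALLOW` and the allowed-service list are assumptions to adjust for the actual router.

```shell
#!/bin/sh
# Added example: emit a default-deny FORWARD policy for the main router.
# Interface names, chain name and service list are assumptions, not page values.

LAN_IF="${LAN_IF:-br0}"     # assumed: LAN bridge the downstream routers plug into
WAN_IF="${WAN_IF:-vlan1}"   # assumed: Internet-facing interface
# proto:port pairs allowed out (constructed sample policy)
ALLOWED="${ALLOWED:-udp:53 tcp:53 tcp:80 tcp:443 tcp:587 tcp:993}"

gen_rules() {
    # $1 = LAN interface, $2 = WAN interface, $3 = space-separated proto:port list
    lan="$1"; wan="$2"; services="$3"

    # Separate chain, so the DD-WRT default rulebase is left untouched.
    echo "iptables -N FWD_ALLOW"
    # Packets of connections that were already permitted.
    echo "iptables -A FWD_ALLOW -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for svc in $services; do
        proto="${svc%%:*}"
        port="${svc##*:}"
        # Validate each entry so a typo cannot produce a malformed rule.
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $svc" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $svc" >&2; return 1; }
        echo "iptables -A FWD_ALLOW -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done

    # Anything not explicitly allowed above is dropped.
    echo "iptables -A FWD_ALLOW -j DROP"
    # Match on interfaces, not client addresses: hosts behind a downstream
    # router arrive with that router's address, but on the same LAN interface.
    echo "iptables -I FORWARD -i $lan -o $wan -j FWD_ALLOW"
}

# Print the rules for review; nothing is applied by this script.
gen_rules "$LAN_IF" "$WAN_IF" "$ALLOWED"
```

The rules match destination ports, not application protocols, so the allowed list should be kept as short as the users can tolerate.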